Difference between revisions of "OpenSSH"

From wikieduonline
Jump to navigation Jump to search
 
(26 intermediate revisions by one other user not shown)
Line 1: Line 1:
'''[[wikipedia:OpenSSH|OpenSSH]]''' is a popular suite of software utilities implementing [[Secure Shell]] (SSH) protocol. OpenSSH includes the ability to set up a [[TCP]] secured channel and it is widely use as a replacement for not secured [[telnet]] and secure replacement of file transfers such as rcp and ftp. OpenSSH offers a great number of features including ssh session multiplexing.
+
'''[[wikipedia:OpenSSH|OpenSSH]]''' is a popular suite of software utilities implementing [[Secure Shell]] (SSH) protocol. OpenSSH includes the ability to set up a [[TCP]] secured channel and it is widely use as a replacement for not secured [[telnet]] and secure replacement of file transfers such as rcp and ftp. OpenSSH offers a great number of features including ssh [[session multiplexing]].
 
<ref>https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing</ref><ref>https://stackoverflow.com/questions/20410252/how-to-reuse-an-ssh-connection</ref>  
 
<ref>https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing</ref><ref>https://stackoverflow.com/questions/20410252/how-to-reuse-an-ssh-connection</ref>  
  
  
 
The OpenSSH suite includes the following command-line utilities and daemons:
 
The OpenSSH suite includes the following command-line utilities and daemons:
* <code>[[ssh (OpenSSH client)|ssh]]</code>, ssh client and TCP secure replacement for {{Mono|rlogin}}, {{Mono|rsh}} and {{Mono|[[telnet]]}} to allow shell access to a remote machine.
+
* <code>[[ssh (OpenSSH client)|ssh]]</code>, [[ssh client]] and TCP secure replacement for <code>[[rlogin]]</code>, <code>[[rsh]]</code> and <code>[[telnet]]</code> to allow shell access to a remote machine.
 
* <code>[[scp]]</code>, a replacement for <code>[[rcp]]</code>
 
* <code>[[scp]]</code>, a replacement for <code>[[rcp]]</code>
 
* <code>sftp</code>, a replacement for <code>[[ftp]]</code> to copy files between computers
 
* <code>sftp</code>, a replacement for <code>[[ftp]]</code> to copy files between computers
 
* <code>[[sshd]]</code>, the SSH server daemon which allows shell access and file transfers to a remote machine.
 
* <code>[[sshd]]</code>, the SSH server daemon which allows shell access and file transfers to a remote machine.
 
* <code>[[ssh-keygen]]</code>, a tool to inspect and generate the RSA, DSA and Elliptic Curve keys that are used for user and host authentication
 
* <code>[[ssh-keygen]]</code>, a tool to inspect and generate the RSA, DSA and Elliptic Curve keys that are used for user and host authentication
 +
* <code>[[ssh-keyscan]]</code>, which scans a list of hosts and collects their public keys
 
* <code>[[ssh-agent]]</code> and <code>[[ssh-add]]</code>, utilities to ease authentication by holding keys ready and avoid the need to enter passphrases every time they are used
 
* <code>[[ssh-agent]]</code> and <code>[[ssh-add]]</code>, utilities to ease authentication by holding keys ready and avoid the need to enter passphrases every time they are used
* <code>[[ssh-keyscan]]</code>, which scans a list of hosts and collects their public keys
 
 
* <code>[[ssh-copy-id]]</code>, copy local keys to remote machine.
 
* <code>[[ssh-copy-id]]</code>, copy local keys to remote machine.
  
Line 16: Line 16:
 
* [[Wikibooks: OpenSSH]]
 
* [[Wikibooks: OpenSSH]]
 
* [[OpenSSH changelog]]
 
* [[OpenSSH changelog]]
 +
 +
== Config ==
 +
* Client: <code>[[/etc/ssh/ssh_config]]</code> or <code>~./[[config]]</code>
 +
* Server: <code>[[/etc/ssh/sshd_config]]</code>
  
 
== ssh clients ==
 
== ssh clients ==
OpenSSH includes an ssh client:<code>[[ssh]]</code>. Others clients are available such us <code>putty</code>, <code>mosh</code>, <code>paramiko</code> and <code>autossh</code><ref>https://linux.die.net/man/1/autossh</ref>.
+
OpenSSH includes an ssh client:<code>[[ssh]]</code>. Others clients are available such us <code>[[PuTTY]]</code>, <code>mosh</code>, <code>paramiko</code> and <code>autossh</code><ref>https://linux.die.net/man/1/autossh</ref>.
  
 
<code>autossh</code><ref>https://linux.die.net/man/1/autossh</ref> main feature not include in OpenSSH ssh client is the capability to monitor an ssh connection and restart it if necessary.
 
<code>autossh</code><ref>https://linux.die.net/man/1/autossh</ref> main feature not include in OpenSSH ssh client is the capability to monitor an ssh connection and restart it if necessary.
  
* Loop waiting to connect to server: <code>AUTOSSH_POLL=5 AUTOSSH_GATETIME=0 autossh -M 0 -o ServerAliveInterval=5 -o ServerAliveCountMax=1 YOUR_SERVER_NAME_OR_IP</code>
+
* Loop waiting to connect to server: <code>AUTOSSH_POLL=5 AUTOSSH_GATETIME=0 [[autossh]] -M 0 -o ServerAliveInterval=5 -o ServerAliveCountMax=1 YOUR_SERVER_NAME_OR_IP</code>
  
 
Ssh clients in Linux are frequently executed inside a terminal or using any kind of terminal multiplexer such as <code>[[tmux]]</code> or <code>[[screen]]</code>.
 
Ssh clients in Linux are frequently executed inside a terminal or using any kind of terminal multiplexer such as <code>[[tmux]]</code> or <code>[[screen]]</code>.
Line 28: Line 32:
 
== Activities ==
 
== Activities ==
 
=== Basic ===
 
=== Basic ===
* ''Convert a putty ssh key format to Openssh format'', you can follow the following instructions http://www.codeblocq.com/2016/05/Convert-a-putty-ppk-key-to-a-pem-file-on-OSX/, https://stackoverflow.com/questions/3475069/use-ppk-file-in-mac-terminal-to-connect-to-remote-connection-over-ssh
+
* Install OpenSSH: <code>[[apt install]] openssh-server</code>
 +
* ''Convert a [[PuTTY]] ssh key format to Openssh format'', you can follow the following instructions http://www.codeblocq.com/2016/05/Convert-a-putty-ppk-key-to-a-pem-file-on-OSX/, https://stackoverflow.com/questions/3475069/use-ppk-file-in-mac-terminal-to-connect-to-remote-connection-over-ssh
 
* Open a reverse ssh tunnel, follow the following instructions https://www.howtoforge.com/reverse-ssh-tunneling
 
* Open a reverse ssh tunnel, follow the following instructions https://www.howtoforge.com/reverse-ssh-tunneling
 
* [[Configure OpenSSH to reuse ssh connections]] (<code>ControlMaster</code>)
 
* [[Configure OpenSSH to reuse ssh connections]] (<code>ControlMaster</code>)
* Generate a public Key from a private Key: <ref>https://serverfault.com/questions/52285/create-a-public-ssh-key-from-the-private-key</ref><code>[[ssh-keygen]] -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub</code> (example for RSA keys but can be applied to other key types)
+
* Generate a public Key from a private Key: <ref>https://serverfault.com/questions/52285/create-a-public-ssh-key-from-the-private-key</ref><code>[[ssh-keygen]] -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub</code> (example for [[RSA]] keys but can be applied to other key types)
 
* [[Configure OpenSSH to allow Public-key authentication]] (<code>authorized_keys</code>)<ref>https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server</ref>
 
* [[Configure OpenSSH to allow Public-key authentication]] (<code>authorized_keys</code>)<ref>https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server</ref>
* [[/Activate SSH on macos/]]: <code>sudo [[systemsetup]] -setremotelogin on</code>
+
* [[Activate SSH on macOS]]: <code>sudo [[systemsetup]] -setremotelogin on</code>
* Activate [[OpenSSH]] on [[Windows]]:
+
* [[Activate OpenSSH on Windows]] ([[Windows Server 2019]] or [[Windows 10]]):<ref>https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse</ref>
** <code>Add-WindowsCapability -Online -Name OpenSSH.Server*</code>
 
** <code>Start-Service sshd</code>
 
  
 
=== Intermediate ===
 
=== Intermediate ===
Line 44: Line 47:
 
=== Advanced ===
 
=== Advanced ===
 
# Read ssh documentation about multiplexing https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing and its implementation details: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.mux?annotate=HEAD
 
# Read ssh documentation about multiplexing https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing and its implementation details: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.mux?annotate=HEAD
# Configure ssh session multiplexing
+
# Configure ssh session [[multiplexing]]
 
# Use <code>[[ProxyJump]]</code> directive to connect using a "Jump Server"<ref>https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts#Passing_Through_One_or_More_Gateways_Using_ProxyJump</ref>
 
# Use <code>[[ProxyJump]]</code> directive to connect using a "Jump Server"<ref>https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts#Passing_Through_One_or_More_Gateways_Using_ProxyJump</ref>
 
# Run a shell script on a remote machine using ssh: <code>ssh root@MachineB 'bash -s' < local_script.sh</code><ref>https://stackoverflow.com/a/2732991</ref>. See also: [[parallel]]
 
# Run a shell script on a remote machine using ssh: <code>ssh root@MachineB 'bash -s' < local_script.sh</code><ref>https://stackoverflow.com/a/2732991</ref>. See also: [[parallel]]
 
# Read https://github.com/openssh/openssh-portable source code
 
# Read https://github.com/openssh/openssh-portable source code
 
# Read [[OpenSSH changelog]]
 
# Read [[OpenSSH changelog]]
 +
 +
== Related terms ==
 +
* [[MAC (message authentication code)]]
 +
* [[Damien Miller]]
 +
* [[Key Revocation Lists (KRL)]]
 +
* [[AWS EC2 Instance Connect]] (Jun 2019)
  
 
== See also ==
 
== See also ==
Line 58: Line 67:
 
* [[openssl]]
 
* [[openssl]]
 
* {{fail2ban}}
 
* {{fail2ban}}
 +
* {{security}}
  
 
{{CC license}}
 
{{CC license}}

Latest revision as of 13:13, 20 October 2022

OpenSSH is a popular suite of software utilities implementing Secure Shell (SSH) protocol. OpenSSH includes the ability to set up a TCP secured channel and it is widely use as a replacement for not secured telnet and secure replacement of file transfers such as rcp and ftp. OpenSSH offers a great number of features including ssh session multiplexing. [1][2]


The OpenSSH suite includes the following command-line utilities and daemons:

  • ssh, ssh client and TCP secure replacement for rlogin, rsh and telnet to allow shell access to a remote machine.
  • scp, a replacement for rcp
  • sftp, a replacement for ftp to copy files between computers
  • sshd, the SSH server daemon which allows shell access and file transfers to a remote machine.
  • ssh-keygen, a tool to inspect and generate the RSA, DSA and Elliptic Curve keys that are used for user and host authentication
  • ssh-keyscan, which scans a list of hosts and collects their public keys
  • ssh-agent and ssh-add, utilities to ease authentication by holding keys ready and avoid the need to enter passphrases every time they are used
  • ssh-copy-id, copy local keys to remote machine.

Readings[edit]

Config[edit]

ssh clients[edit]

OpenSSH includes an ssh client:ssh. Others clients are available such us PuTTY, mosh, paramiko and autossh[3].

autossh[4] main feature not include in OpenSSH ssh client is the capability to monitor an ssh connection and restart it if necessary.

  • Loop waiting to connect to server: AUTOSSH_POLL=5 AUTOSSH_GATETIME=0 autossh -M 0 -o ServerAliveInterval=5 -o ServerAliveCountMax=1 YOUR_SERVER_NAME_OR_IP

Ssh clients in Linux are frequently executed inside a terminal or using any kind of terminal multiplexer such as tmux or screen.

Activities[edit]

Basic[edit]

Intermediate[edit]

  • Learn about different client connection options, such us: -oBatchMode=yes or -o ConnectTimeout=2[8]
  • Connect to remote server temporarily turning off host key checking, (security implications): ssh -oStrictHostKeyChecking=no SERVER_NAME

Advanced[edit]

  1. Read ssh documentation about multiplexing https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing and its implementation details: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.mux?annotate=HEAD
  2. Configure ssh session multiplexing
  3. Use ProxyJump directive to connect using a "Jump Server"[9]
  4. Run a shell script on a remote machine using ssh: ssh root@MachineB 'bash -s' < local_script.sh[10]. See also: parallel
  5. Read https://github.com/openssh/openssh-portable source code
  6. Read OpenSSH changelog

Related terms[edit]

See also[edit]

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.

Original source: https://en.wikiversity.org/wiki/OpenSSH

Advertising: